Lab 1.2: Allowed (and disallowed…) HTTP Request Methods

Task 1 - Allowed Methods

  1. Navigate to Security -> Application Security -> Security Policies -> Policies List and click Create Policy.

    [Screenshot: lab2-1]

  2. In the BIG-IP WebUI navigate to Security -> Application Security -> Headers -> Methods.

  3. Policy-wide method permissions are configured here. If your application requires a method beyond the default three, it can be added by clicking the Create button.

    [Screenshot: lab2-2]

Task 2 - Restricting Methods on a Per-URL Basis

  1. Let’s return to our Allowed URLs list: Security -> Application Security -> URLs -> Allowed URLs.

  2. Click Create and use the following settings:

    [Screenshot: lab2-3]

  3. Click Create.

  4. Click Apply Policy.

  5. Attempt to log in to http://10.1.10.145/WebGoat/login.

  6. What is the result, and why?
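
One way to check method enforcement from the client side after applying the policy (an added example, not part of the original lab guide). The function names, the method list and the block-page marker are assumptions; the marker is the phrase from ASM's default blocking response page and must be changed if that page was customised.

```python
"""Probe which HTTP methods a WAF-protected URL accepts (added example)."""
import http.client

# Assumption: the default ASM blocking page contains this phrase.
BLOCK_MARKER = b"The requested URL was rejected"
BODY_METHODS = ("POST", "PUT", "PATCH")


def classify(status, body):
    """Label one response: blocked by the WAF, refused by the app, or allowed."""
    if BLOCK_MARKER in body:
        return "blocked"          # blocking page returned (often with HTTP 200)
    if status in (405, 501):
        return "rejected-by-app"  # the request reached the server, which refused it
    return "allowed"


def probe_methods(host, port, path, methods, timeout=5):
    """Send one request per method and return {method: verdict}.

    HEAD responses carry no body, so a block on HEAD cannot be
    recognised by the marker and will show up as "allowed".
    """
    results = {}
    for method in methods:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            body = b"" if method in BODY_METHODS else None
            conn.request(method, path, body=body)
            resp = conn.getresponse()
            results[method] = classify(resp.status, resp.read())
        except (OSError, http.client.HTTPException):
            results[method] = "no-response"  # reset, timeout or refused
        finally:
            conn.close()
    return results


if __name__ == "__main__":
    # Lab address and URL taken from step 5 above.
    methods = ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"]
    verdicts = probe_methods("10.1.10.145", 80, "/WebGoat/login", methods)
    for method, verdict in verdicts.items():
        print(f"{method:8} {verdict}")
```

Run it before and after Apply Policy and compare the two tables; the support ID shown on a blocking page can then be looked up in the ASM request log.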

Task 3 - Lab Cleanup

  1. Let’s clean up and prepare for the next module by deleting the lab2 policy we’ve been using.
  2. Navigate to Security -> Application Security -> Security Policies.
  3. Select lab2 and click Delete.